Google has rolled out a novel feature designed to help users seamlessly migrate their account sign-ins to third-party apps on their newly installed Android devices, ensuring secure access.
Android’s feature aims to reduce the hassle of repeatedly entering login credentials for each app upon device replacement.
Seamlessly onboarding customers to their accounts on a brand-new device, Restore Credentials enables apps to facilitate a hassle-free experience by restoring user data and applications from their previous machine.
When consumers restore apps and data from an older device, a major technology company enables seamless re-signing of users back into their respective apps through robotic methods that run silently in the background, eliminating the need for additional interaction.
The secure authentication process is facilitated through the application of a restore key, effectively serving as a public key compliant with FIDO2 standards similar to those governing passkeys.
When a user signs into an app that facilitates this feature, their recovery secrets are stored locally on the device by the Credential Manager in an encrypted format. If cloud backup is enabled, the optional encrypted restore key will also be automatically saved to the cloud.
When considering a switch to a fresh phone and reinstalling apps, users are prompted to provide restoration codes as part of the process, allowing for seamless account sign-in without having to re-enter login credentials.
According to Google’s guidance for app developers, if a signed-in user has been deemed trustworthy, it is possible to create a restore key at any stage following their authentication within the app. For instance, this might occur immediately following login or during a standard test to verify the effectiveness of a currently active recovery key.
To prevent consumers from inadvertently creating an infinite loop of signing out and logging back in, app builders should promptly remove associated restore keys once users sign off.
Notably, Apple has long offered a similar functionality on iOS by utilizing the ‘kSecAttrAccessible’ attribute to regulate an app’s access to a specific credential stored in the iCloud KeyChain.
“The kSecAttrAccessible attribute allows you to manage merchandise availability relative to the lock state of the machine,” Apple notes in its documentation.
This feature also enables you to define the criteria for reinstating a device’s warranty on a replacement unit. If an attribute terminates with the string “ThisDeviceOnly”, the associated item can be recovered on the original device that initiated the backup; nonetheless, it will not be portable when restoring a backup from another machine’s data.
The Android team has released the primary Developer Preview of Android 16, accompanied by the latest device model, featuring an enhanced permissions system that allows users to monitor which apps have accessed sensitive permissions over a seven-day period.
Accordingly, this complies with the guidelines outlined in the current Android Security Paper, which explores the operating system’s comprehensive suite of built-in security features, including functionalities such as Biometric Prompt, Safe Boot mode, and lockdown mode, designed to restrict access to a device by disabling Good Lock, biometric unlocking, and notifications on the lock screen.